similar to: ICMP into guest not "working"

Thanks a lot for your hints Pasi. Due to your suggestion I open a new thread here. I have tested with model=e1000 (HVMs). As HVM configs are identical (not iso images and LVM volumes) I guess it is a xen 4.1.2* issue .. or just involved domU OS-kernels (however as it is HVM it should not play any role) Tested and correctly working OSes (getting an IP address and pinging of

Here are some notes I have about Linux bridging. I''ll try to separate what I know I know from what I think I know. Let''s say I want to bridge eth0, eth1, and eth2 together, all with an IP Address of, say, 1.2.3.2. This is how to do it: echo "Setting up br0 to bridge eth0 with eth1 and eth2" /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0

In a ADS(Adv Serv 2003) setup with a few linux members, I'd like to achieve consistent UIDs for domain users across these linux machines, and idmap_rid seems to be exactly what I'm looking for. However, I cannot get winbind to create uids or gids from SIDs at all. Any hints? --Erik S. Johansen ares samba # smbd -V Version 3.0.10 ares samba # pwd /var/cache/samba ares samba # rm *.tdb

It was decided during xen patch review that xen map the iomem transparently, so remove xen_set_clr_mmio_pvh_pte() and the sub hypercall PHYSDEVOP_map_iomem. --- arch/x86/xen/mmu.c | 14 -------------- arch/x86/xen/setup.c | 16 ++++------------ include/xen/interface/physdev.h | 10 ---------- 3 files changed, 4 insertions(+), 36 deletions(-) diff --git

Hello...I have a Slackware based machine doing routing & QoS for my internal LAN users... It has two interfaces: eth1(100mbps) that connects to the aDSL modem(USR 9105) and eth0(100mbps) that connects to my local LAN... I''am using shorewall as a firewall...i think it''s configured well as it''s working as i want and i pass all the online firewall tests... :D All lan

Package: xen-utils-common Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 Severity: important Tags: patch security -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),

Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 <---> BRIDGE <---> eth0 # Block (eth0 ---> eth1) - blocks both directions and not just one?? iptables -A FORWARD -m physdev

I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the hosts file. In addition, it contains the first release of a new Bridge/firewall implementation that uses the reduced-function physdev match found in kernel 3.6.20 and 3.6.21. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the hosts file. In addition, it contains the first release of a new Bridge/firewall implementation that uses the reduced-function physdev match found in kernel 3.6.20 and 3.6.21. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

I previously had WPA radius authentication working from my laptop to my home network with the laptop running Fedora Core 6 and the server running freeRadius under CentOS 4.4 (freeradius-1.0.1-3.RHEL4.3). I'm attempting to move my FC 6 boxes to CentOS 5 so I decided to pick on the laptop first. Unfortunately, I neglected to backup /etc before doing the CentOS 5 install (bad Dave, bad

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

Hi, we are trying to secure our Xen boxes with IPtables on Dom0 but we always seem to get cut off and can only cure it be rebooting the box. Has anyone got a sucessful config they can share that secures the server with one nic? We are using Xen 3.0.4 thanks Ian _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

Hi, I'm not sure but I think I suffer under the same problem with a bit different setup with squeeze testing and xen 4.0rc5. In fact I'm using bridges in the dom0 and the connections to the domU get lost sporadically. In don't see where's a solution to the problem... Is it now a bug? When it's an iptables bug, where's the corresponding bug in the iptables bugtracker

Hi, Our company''s main line is quite busy the whole day and my shaping is working perfect, however even if I give icmp priority the pings still jump around quite a bit. We do have a backup line which hardly get used only if the main line drops. I''ve set ip rule to route all icmp through that and now the pings are perfect. Will this make a difference for the game players etc,

Hi folks, in 2.4 kernels, device matching for bridged packets was done with iptables -i/-o. Since 2.6, I was used to use -m physdev here. In 2.6.18, This seems to be more complicated. At least the filter/INPUT chain now doesn't match with -m physdev --physdev-in anymore, but FORWARD and OUTPUT does. I also read the note that -m phydev is now deprecated for non-bridged traffic. Does this

Hi Tom and other gurus, I modified SHOREWALL (version 2.0.15) for bridging and I cannot restart it. I got the following error ... Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy REJECT for fw to loc using chain all2all Policy DROP for net to fw using chain net2all Policy ACCEPT for loc to fw using chain loc2fw Policy ACCEPT for loc to net

Good afternoon from Singapore, I came across this Linux Journal article titled "DIY: Build a Custom Minimal Linux Distribution from Source", written by Petros Koutoupis. Link: <https://www.linuxjournal.com/content/diy-build-custom-minimal-linux-distribution-source> https://www.linuxjournal.com/content/diy-build-custom-minimal-linux-distribution-source Are the instructions in this

Problem still not solved, or any idea whats wrong. here are some msgs: device vif1.0 entered promiscuous mode alloc irq_desc for 1246 on node 0 alloc kstat_irqs on node 0 brI: port 2(vif1.0) entering learning state device vif1.1 entered promiscuous mode brE: port 2(vif1.1) entering learning state physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for

Hi, i have problems with the network between pv-domains and the real network. I done an upgrade with apt-get in debian an now i have xen4.1 with kernel 3.2.9 first i must chance the vif-bridge script from http://nopaste.php-q.net/194087 to http://nopaste.php-q.net/194084 now i have a connection from pv to dom0 and the windows hvm, but no connection between physical network an the pv